The claims defining the invention are as follows:



1. A method of establishing secure data transmission in a communications
network between a client and a remote network entity, the method comprising the
steps of:

(a) encoding an optical media security token with encrypted information, and

(b) using the encrypted information to establish said secure data
transmission.

2. A method according to claim 1, wherein the encrypted information includes
token and user identification information, step (b) including:

(c) verifying at the client the authenticity of the token identification
information,

(d) upon verification, transmitting the user identification information to the
remote network entity,

(e) verifying at the remote network entity the authenticity of the user
identification information, and

(f) verifying at the remote network entity the authorisation of the user to
access one or more applications.

3. A method according to either one of claim 1 or 2, wherein the security token
comprises optical media such as a CD-ROM, DVD or CD-MO.

4. A method according to any one of the preceding claims, wherein step (a)
includes:

generating a first digital certificate including the token identification information,
and

storing the first digital certificate on the security token.

5. A method according to claim 4, wherein step (c) includes:

decrypting the first digital certificate, and

comparing the token identification information with reference token
identification data.

6. A method according to any one of the preceding claims, wherein step (a)
includes:

generating a second digital certificate including the user identification
information, and

storing the second digital certificate on the security token.

7. A method according to claim 6, wherein step (e) includes:

decrypting the second digital certificate by using the public key of a Certification
Authority.

8. A method according to claim 7, wherein step (e) includes:

comparing the user identification information with a certificate revocation
list maintained by the Certification Authority.

9. A method according to either of claims 7 or 8, wherein step (d) includes:

generating client data for transmission to the remote network entity,

attaching a user digital signature to the client data, and

transmitting the client data and user digital signature to the remote network
entity.

10. A method according to claim 9, wherein step (e) includes:

using the decrypted second digital certificate to decrypt the client data at the
remote network entity.

11. A method according to any one of the preceding claims, wherein step (f)
includes:

sending a challenge value from the remote network entity to the client,

sending a response value from the client to the remote network entity, and

comparing the challenge and response values at the remote network entity.

12. A method according to claim 11, and further including:

maintaining in a user profile database a user password,

wherein the response value is generated at the client by using the user
password, a user private key and the challenge value.

13. A method according to claim 12, wherein the challenge and response values are
compared by using the user password, a user public key and the challenge value.

14. A method according to any one of the preceding claims, wherein step (c) is
repeated up to a predetermined number of times to verify user authorisation.
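The challenge/response exchange of claims 11 to 14, written out as an added example that is not part of the patent and does not reflect any particular embodiment of it. The claims do not name an algorithm, so the example assumes ECDSA over P-256 for the user key pair (the key that the second certificate of claim 6 would carry), assumes the "user profile database" of claim 12 stores a digest of the password rather than the password itself, and assumes a lock-out after a fixed number of failed attempts as one reading of claim 14. The response is a signature with the user private key over a hash that binds the server's fresh challenge to the password digest, so the server can check it with the stored digest, the user public key and the challenge it issued (claim 13); a wrong password, a wrong key, or a response replayed against a later challenge all fail the same check.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// UserProfile is one entry of the "user profile database" of claim 12.
// Assumption: the server holds a digest of the password, never the password,
// plus the user public key taken from the second digital certificate.
type UserProfile struct {
	PasswordDigest [32]byte
	PublicKey      *ecdsa.PublicKey
}

// passwordDigest is the password form both sides feed into the exchange.
// A deployment would use a salted, slow hash; plain SHA-256 with a fixed
// label is used only to keep this example standard-library only.
func passwordDigest(password string) [32]byte {
	return sha256.Sum256([]byte("optical-token-pw-v1|" + password))
}

// NewChallenge produces the fresh, unpredictable challenge value of claim 11.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	return c, nil
}

// responseMessage binds the challenge to the password digest so that one
// signature covers both; client and server run the same function.
func responseMessage(challenge []byte, pw [32]byte) []byte {
	h := sha256.New()
	h.Write([]byte("optical-token-response-v1"))
	h.Write(challenge)
	h.Write(pw[:])
	return h.Sum(nil)
}

// ClientResponse is claim 12: the response value is derived from the user
// password, the user private key and the challenge value.
func ClientResponse(priv *ecdsa.PrivateKey, password string, challenge []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, responseMessage(challenge, passwordDigest(password)))
}

// ServerVerify is claim 13: the remote network entity checks the response
// using the stored password digest, the user public key and its own challenge.
func ServerVerify(profile UserProfile, challenge, response []byte) bool {
	return ecdsa.VerifyASN1(profile.PublicKey, responseMessage(challenge, profile.PasswordDigest), response)
}

// Verifier adds the bounded retry assumed for claim 14: after MaxAttempts
// consecutive failures further responses are rejected without being examined.
type Verifier struct {
	Profile     UserProfile
	MaxAttempts int
	failures    int
}

var ErrLockedOut = errors.New("too many failed attempts")

func (v *Verifier) Verify(challenge, response []byte) (bool, error) {
	if v.failures >= v.MaxAttempts {
		return false, ErrLockedOut
	}
	if ServerVerify(v.Profile, challenge, response) {
		v.failures = 0
		return true, nil
	}
	v.failures++
	return false, nil
}

// EnrolUser generates the user key pair (the private half would be stored on
// the optical token and never reaches the server) and the server-side profile.
func EnrolUser(password string) (UserProfile, *ecdsa.PrivateKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return UserProfile{}, nil, err
	}
	return UserProfile{PasswordDigest: passwordDigest(password), PublicKey: &priv.PublicKey}, priv, nil
}

// RunExchange performs one complete round trip: challenge, response, check.
func RunExchange(profile UserProfile, priv *ecdsa.PrivateKey, password string) (bool, error) {
	challenge, err := NewChallenge()
	if err != nil {
		return false, err
	}
	response, err := ClientResponse(priv, password, challenge)
	if err != nil {
		return false, err
	}
	return ServerVerify(profile, challenge, response), nil
}

func main() {
	profile, priv, err := EnrolUser("correct horse battery staple")
	if err != nil {
		panic(err)
	}
	good, _ := RunExchange(profile, priv, "correct horse battery staple")
	bad, _ := RunExchange(profile, priv, "wrong password")
	fmt.Println("correct password accepted:", good, " wrong password accepted:", bad)
}
```

Because the signature covers the challenge, the server never has to keep or compare the response itself beyond this one verification, and because it covers the password digest, possession of the token (the private key) alone is not enough: both factors of claim 12 are needed to produce a response the check in claim 13 accepts.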

15. A secure data transmission system comprising a client and a remote network
entity interconnected by a communications network, the client being adapted to read
an optical media security token bearing encrypted information.

16. A secure data transmission system according to claim 15, wherein the encrypted
information includes token and user identification information, and wherein

the client includes a first data processing unit and associated first memory
device for storing code to cause the client to verify the authenticity of the token
identification information, and

upon verification, transmit the user identification information to the remote
network entity, and wherein

the remote network entity includes a second data processing unit and
associated second memory device for storing code to cause the remote network
entity to verify the authenticity of the user identification information, and verify the
authorisation of the user to access one or more applications.

17. A secure data transmission system according to claim 16, and wherein the
code causes the client and/or the remote network entity to perform the steps of any
one or more of claims 1 to 14.

18. A remote network entity for use with a secure data transmission system
according to claim 16, the remote network entity including a second data processing
unit and associated second memory device for storing code to cause the remote
network entity to verify the authenticity of the user identification information, and
verify the authorisation of the user to access one or more applications.

19. A client for use with a secure data transmission system according to claim
16, the client including a first data processing unit and associated first memory
device for storing code to cause the client to verify the authenticity of the token
identification information, and

upon verification, transmit the user identification information to the remote
network entity.



20. A security token for use in a method according to any one of claims 1 to 14, the
optical media security token comprising optical media such as a CD-ROM, DVD or
CD-MO.


